This Vulnerability in Bitcoin was Hidden for Two Years

A researcher discovered a vulnerability in the Bitcoin network 2 years ago and chose to keep the technical details secret to protect the industry from digital thieves. The recent discovery of the same vulnerability in another cryptocurrency has now brought the 2018 incident to light.

Braydon Fuller, who studied security in the Bitcoin network, discovered a fundamental bug in Bitcoin Core in 2018. The security researcher avoided making a public statement because he did not want hackers to turn the problem to their advantage against Bitcoin or other networks. The BTC protocol engineer, who corrected the coding error in Bitcoin Core, the software behind BTC, after noticing it, kept the details of the incident private until last week.

This Error Could Have Had Serious Consequences

Discovered 2 years ago by Braydon Fuller, the INVDoS vulnerability is a bug in the "denial-of-service" class. In the article published on Wednesday, Fuller explained that the bug could have serious consequences if it fell into the hands of malicious people. When the researcher encountered the vulnerability in 2018, he suggested that a possible INVDoS attack could affect 50% of the Bitcoin ecosystem.

Attackers aware of this vulnerability could reach more than 50% of Bitcoin nodes and cause a lot of damage. Fuller argued that if malicious actors reached these nodes and shut them down, mining effort could be wasted, blocks could be delayed, or the network could be temporarily disrupted.

In addition, the researcher said that some time-sensitive contracts could be interrupted and economic activity could be hampered. Fuller stated that in such a scenario, trading, exchanges, atomic transactions and HTLC payment channels would inevitably be affected.

When the BTC protocol engineer noticed the gap, he reported it to the affected parties without much detail, and the bug was recorded in the Common Vulnerabilities and Exposures database of the National Institute of Standards and Technology as CVE-2018-17145. According to Fuller, other tokens that used the original Bitcoin software containing the INVDoS vulnerability, such as Litecoin and Namecoin, could also be affected by this bug.

Rediscovered After 2 Years

The technical details of the 2018 incident came out after the same flaw was found in a cryptocurrency that was based on an old version of Bitcoin Core and had not received the fix. Javed Khan, another Bitcoin protocol engineer, observed the same error on the Decred (DCR) network this summer. Khan reported the error to the relevant authorities, and this time the incident resulted in wider public awareness.

Following these developments, Fuller and Khan published a joint article making all the details of the INVDoS vulnerability public. According to Fuller and Khan, there has not yet been an attack on the networks exploiting this vulnerability. Thanks to this detailed article, all cryptocurrencies forked from the old version of Bitcoin can check their own systems for the error to avoid problems in the future.
